When the plug-in data is being loaded manually there is a reference cycle between the
NetscapePluginInstanceProxy and the HostedNetscapePluginStream. We need to explicitly
break the reference cycle in NetscapePluginInstanceProxy::cleanup so that both objects
will be destroyed.

Take the opportunity to add RefCountedLeakCounter support to HostedNetscapePluginStream
and NetscapePluginInstanceProxy to simplify tracking down leaks of these objects in the future.
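
The pattern this entry describes (two reference-counted objects that own each other, an explicit cleanup step that breaks the cycle, and a per-class live-instance counter that makes the leak visible) is shown here as an added example. It is not WebKit code: `std::shared_ptr` stands in for WebKit's ref-counting, and `LiveCounter`, `InstanceProxy`, `PluginStream` and `leakedAfterTeardown` are hypothetical names.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Stand-in for a per-class leak counter: counts live instances so teardown
// code or a test can report objects that were never destroyed.
template <typename T>
struct LiveCounter {
    static int& live() { static int count = 0; return count; }
    LiveCounter() { ++live(); }
    LiveCounter(const LiveCounter&) = delete;
    ~LiveCounter() { --live(); }
};

struct InstanceProxy;

struct PluginStream : LiveCounter<PluginStream> {
    std::shared_ptr<InstanceProxy> instance;    // stream -> proxy
};

struct InstanceProxy : LiveCounter<InstanceProxy> {
    std::shared_ptr<PluginStream> manualStream; // proxy -> stream

    // Drop both edges of the cycle. The stream is moved to a local first so
    // no member is touched after the back-reference is released.
    void cleanup() {
        std::shared_ptr<PluginStream> stream = std::move(manualStream);
        if (stream)
            stream->instance.reset();
    }
};

// Builds the proxy/stream pair, drops the last external reference, and
// returns how many of the two objects are still alive at that point.
int leakedAfterTeardown(bool callCleanup) {
    std::weak_ptr<InstanceProxy> observer;
    {
        std::shared_ptr<InstanceProxy> proxy = std::make_shared<InstanceProxy>();
        proxy->manualStream = std::make_shared<PluginStream>();
        proxy->manualStream->instance = proxy;  // closes the cycle
        observer = proxy;
        if (callCleanup)
            proxy->cleanup();
    }
    int leaked = LiveCounter<InstanceProxy>::live() + LiveCounter<PluginStream>::live();
    // Release any survivors so the demonstration itself does not leak.
    if (std::shared_ptr<InstanceProxy> survivor = observer.lock())
        survivor->cleanup();
    return leaked;
}

int main() {
    std::printf("with cleanup: %d leaked\n", leakedAfterTeardown(true));
    std::printf("without cleanup: %d leaked\n", leakedAfterTeardown(false));
    return 0;
}
```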

In http://trac.webkit.org/changeset/47386/ an assert was "fixed" in SKIA code.
When this was pulled into Chromium, it started breaking the page cycler.
Disable it again until we can figure out what's going on.

This patch modifies stateStrikethrough and stateUnderline to use the value -webkit-text-decorations-in-effect
instead of text-decoration. Because text-decoration only retrieves explicit styling at the node on which
the query was sent, we need to use -webkit-text-decorations-in-effect to include decorations added by ancestors
and also u, s, and strike tags.

This patch converts editing/style/underline.html and editing/style/remove-underline.html to a dumpAsText test.

It also adds runDumpAsTextEditingTest which invokes a new testing mode.
runDumpAsTextEditingTest calls user-defined editingTest just like runEditingTest but does not enable editing delegates by default.
It logs innerHTML of the node with id "root" whenever the DOM is changed by exec* functions with the name of the function in front.
It should be used in tests where logging of selection and caret positions is not required but logging
of how DOM changed over editing operations is required.

(WebCore::RenderBox::calcPercentageHeight): Tweak the quirk that allows
percentage-height children of auto-height blocks to look for an ancestor
with non-auto height and compute their height based on it. The change is
that if that ancestor is a table cell, it is ignored and the percent
height computes to zero (just like in strict mode). This matches Firefox
and IE.

from the build (just like we do for the other generated bindings
files) so that we don't get warnings about multiply-defined symbols in
JSHTMLDataListElement.cpp and DerivedSources.cpp. Also removed
duplicate versions of JSSVGElementWrapperFactory.cpp, and let VS
reorder a few files.

Cleanup from my patch that rewrote overflow. Remove unused member variables from RenderTableSection and
move the addition of overflow from children into a separate pass after the height of the section has been
set. This prevents the RenderOverflow struct from being aggressively allocated for all table sections.
(Not a correctness issue, just a memory issue.)

[Gtk] Remove bogus dependency rules for built sources that derive
from HTMLTagNames.in, HTMLAttributeNames.in and xmlattrs.in. The
header files should be generated regardless of whether the source
file changed or not. We should only rely on the *.in files being
changed.

loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight):
Don't copy headers to OPTIONS request. The spec is vague about this, but the intention was
that they shouldn't be sent, and Firefox doesn't send them.

Do not unref the WebView in ChromeClientGtk::closeWindowSoon
because (1) a create-web-view handler can return a NULL WebView,
(2) the created WebView is owned by its containing widget, and (3)
clients may not handle the close-web-view signal so this avoids
unreffing a WebView more than once.

notifications/Notification.h:
made event handler routines public (as they are in DOMWindow, eg) for
binding access.

notifications/NotificationCenter.idl:
needed to make methods V8Custom to support different behaviors in
worker/page context in chromium.

workers/WorkerThread.h:
(WebCore::WorkerThread::getNotificationPresenter):
(WebCore::WorkerThread::setNotificationPresenter):
needed to make these methods public as well so chromium can inject
the notification presenter into the worker thread.

xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::XMLHttpRequest): Add instrumentation for this kind of leak.
(WebCore::XMLHttpRequest::~XMLHttpRequest): Ditto.
(WebCore::XMLHttpRequest::createRequest): Only setPendingActivity() if we actually started a request. Also,
restore a call to nonCacheRequestInFlight() that got lost in a recent refactor.

Added a client to SQLTransaction. In addition to being a place to
get notifications about certain events in a transaction, it is
also an abstraction layer that allows us to plug in different
implementations for each port for how transactions interact with
the main DB. For example, WebCore's default implementation will
make direct calls to DatabaseTracker's methods. At the same time,
Chromium's implementation will send IPCs to the browser process
whenever a transaction needs something from the main DB.

Added loader support to shared workers, and refactored worker tests to also test SharedWorkers

workers/DefaultSharedWorkerRepository.cpp:

(WebCore::SharedWorkerProxy::postTaskToLoader):
Forwards load requests to an arbitrary document from the list of worker's documents.
(WebCore::SharedWorkerProxy::postTaskForModeToWorkerContext):
Posts responses back to the shared worker thread.

Refactored to run in either a dedicated or shared worker.
(handleConnect.self.postMessage):
(handleConnect):
(runTests.try.resetLoadFlags):
(runTests):

http/tests/workers/resources/worker-redirect-target.js:

Refactored to run in either a dedicated or shared worker.
(else.self.onconnect):

http/tests/workers/resources/worker-redirect.js: Added.

Moved test code out of worker-redirect.html so it can be shared with shared worker tests.
(log):
(runNextTest):
(testCrossOriginLoad.try.worker.onerror):
(testCrossOriginLoad.try.worker.onmessage):
(testCrossOriginLoad):
(testCrossOriginRedirectedLoad.try.worker.onerror):
(testCrossOriginRedirectedLoad.try.worker.onmessage):
(testCrossOriginRedirectedLoad):

This patch simplifies StyleChange::init by removing the iteration on CSS properties,
and adding functions reconcileTextDecorationProperties and extractTextStyle to handle the style.

Because there is a bug in how text decorations are processed in getPropertiesNotInComputedStyle,
this patch simplifies the treatment in order to preserve the original behavior of WebKit.
However, the current implementation is not the best (adds redundant text-decorations) and we should fix it later.

No test is added since there is no change in behavior.

editing/ApplyStyleCommand.cpp:
(WebCore::StyleChange::init): Uses getPropertiesNotInComputedStyle instead of iterating through the properties
(WebCore::StyleChange::reconcileTextDecorationProperties): Removes -webkit-text-decorations-in-effects and redundant "none"
(WebCore::getIdentifierValue): Obtains the identifier of a CSSPrimitiveValue
(WebCore::StyleChange::extractTextStyles): Converts properties in style to m_apply* and removes the property
(WebCore::getPropertiesNotInComputedStyle): Fixed a bug with how text decorations are treated

workers/DefaultSharedWorkerRepository.cpp:
(WebCore::postExceptionTask):
Callback used to deliver exceptions to a document.
(WebCore::SharedWorkerProxy::postExceptionToWorkerObject):
Forwards exceptions to all parent documents for presentation to the user.
(WebCore::postConsoleMessageTask):
(WebCore::SharedWorkerProxy::postConsoleMessageToWorkerObject):
Forwards console messages to all parent documents for presentation to the user.
(WebCore::SharedWorkerProxy::addToWorkerDocuments):
Grabs the mutex before accessing workerDocuments.
(WebCore::SharedWorkerProxy::documentDetached):
Grabs the mutex before accessing workerDocuments.

FilterEffect.cpp needed changes to optimize the rendering. With the old code
we drew a subEffect on the current FilterEffect by drawImage, got the PixelArray,
cleared the drawing area, drew the next FilterEffect with drawImage and picked this
PixelArray again. This was inefficient and slow. Now we calculate the requested area
of the subEffect and ask the FilterEffect's ImageBuffer for the PixelArray directly,
without any drawing operations on GraphicsContext.

There is already a test case
Test: svg/W3C-SVG-1.1/filters-blend-01-b.svg

This patch takes the engine's concept of overflow and splits it into two types:
layout overflow and visual overflow.

Layout overflow is about other boxes that spill out of an enclosing box. For example,
in the inline flow case a tall image could spill out of a line box. Examples of
visual overflow are shadows, text stroke (and eventually outline and
border-image).

Three objects tracked overflow before this patch: RenderBlock had
m_overflowLeft/Top/Width/Height variables. RootInlineBox had an Overflow*
that also had four overflow values. Finally RenderReplaced elements tracked shadow/reflection
overflow using a map that cached four values.

This patch takes all of these different overflow models and unifies them into a single
new class called RenderOverflow. This class is now a member variable in RenderBox and
InlineFlowBoxes. It is only allocated if overflow actually exists. Instead of tracking
four values, it tracks eight: left/top/right/bottom for layout overflow and
left/top/right/bottom for visual overflow.

Overflow computation is now done after layout is finished rather than during layout
(when child objects can be churning and moving around). A number of layout tests progressed
by deferring overflow computation to a separate pass.

All inline flow boxes now track overflow (and not just the root line box). This allows
repainting of line boxes to actually be tight and bail early if the overflow rect of a box
doesn't intersect. The old code always visited all objects on a line if the root line box
intersected at all.

Line box overflow no longer propagates across self-painting layers. This fixes a number of
issues with incorrect scrollbars appearing when relative positioned inlines were used in a page.

Layer bounds have been modified to exclude visual overflow. The width/height members only really
have one reason for continued existence, and that is that they happen to be used in repaint()
when an overflow clip object's height isn't accurate. In this case, the bounds should exclude
visual overflow anyway, so this change tightens that repaint up.

Root lines have renamed m_selectionTop/Bottom to m_lineTop/Bottom and positionForPoint methods have
been changed to use these instead of relying on overflow (which was totally wrong).

Significant changes have been made to the "almost strict mode" line box quirk where objects with no
text children have no effect on the height of a line. Instead of making the height() of the objects
variable and dependent on overflow, the objects now have their full height and get placed on
the baseline properly. They simply don't contribute to overflow above lineTop/Bottom.

Reflections are no longer considered overflow of any kind. Because reflections have their own layers,
it is not necessary to treat them as visual or layout overflow in the RenderObject tree. The end result
of not incorporating them into RenderOverflow is that they have no effect on scrolling. transparencyClipBox
has been extended to support fully reflecting the entire clip box when a reflection exists. This fixes
numerous repaint bugs in transparent objects with reflections when the transparent objects had self-painting
sublayers.

Update layout tests to account for all of the changes made to overflow to split it into two types. Remove the layout
tests that were recently added that assumed that shadows and reflections should be part of scrollable overflow.

loader/appcache/ApplicationCacheGroup.h:
(WebCore::ApplicationCacheGroup::shouldUseCredentialStorage): If appcache is enabled,
always allow it to use stored credentials (we can't ask WebKit client, and maybe we
shouldn't ask it, because it's not a document that's loading these resources).

We still use AST nodes (ScopeNodes, particularly FunctionBodyNodes) within
the runtime, which means that these nodes must be persisted outside of the
arena, contain both parser & runtime data, etc. This is all a bit of a mess.

Implement accelerated compositing of -webkit-mask, when combined
with already-composited content.

RenderLayerBacking now creates an additional GraphicsLayer for the mask contents,
and sets this as the mask on another GraphicsLayer via the setMaskLayer() method.
GraphicsLayerCA then applies the mask using -[CALayer setMask:].

The enum values for GraphicsLayerPaintingPhase were renamed to avoid the
confusion with "mask", and a new value, GraphicsLayerPaintMask, was added which
indicates that just the mask is painting.

When painting the composited mask, we need to paint with the normal compositing
mode rather than CompositeDestinationIn, so InlineFlowBox and RenderBox now consult
layer()->hasCompositedMask() to pick the mode. If the mask is composited, they no longer
need to make transparency layers.

We no longer have to throw video rendering into software because of masks.

When a masked element has composited descendants, that element needs to
become composited so that the mask can be applied via compositing.

The foreground GraphicsLayer (used to render element foreground when the element has
negative z-order children) was misplaced when there is a clipping layer (which clips
children). The foreground layer is parented under the clipping layer so that the foreground
depth-sorts with the layer's children, so its geometry needs to be computed relative to
that clipping layer.

Also clarified some FIXME comments, and corrected a debug-only layer name.

r47313 made TreeShared types start with a ref-count of 1, but SVGElementInstance was mistakenly
not updated to have a create method that adopted the initial reference. This led to the instances
of SVGElementInstance allocated by SVGUseElement being leaked.

EvalCodeCache::get was heap-allocating an EvalExecutable instance without adopting the initial reference.
While fixing this we noticed that EvalExecutable was a RefCounted type that was sometimes stack allocated.
To make this cleaner and to prevent clients from attempting to ref a stack-allocated instance, we move the
refcounting down to a new CacheableEvalExecutable class that derives from EvalExecutable. EvalCodeCache::get
now uses CacheableEvalExecutable::create and avoids the leak.

CFNetwork isn't present in the framework search path on Mac OS X so we can't directly include its headers.
We include CoreServices.h, the umbrella framework that contains CFNetwork, from the prefix header which
results in the CFNetwork headers being included on Mac OS X. CoreServices.h doesn't include CFNetwork.h on
Windows though so we explicitly include this header from the prefix header when on Windows.

WebCorePrefix.h:

platform/network/cf/DNSCFNet.cpp: Remove #include that is no longer needed.

WebCore: https://bugs.webkit.org/show_bug.cgi?id=27323
Only add Cygwin to the path when it isn't already there. This avoids
causing problems for people who purposefully have non-Cygwin versions of
executables like svn in front of the Cygwin ones in their paths.

Reviewed by Steve Falkenburg.

WebCore.vcproj/QTMovieWin.vcproj:

WebCore.vcproj/WebCoreCommon.vsprops:

WebCore.vcproj/WebCoreGenerated.vcproj:

WebKit/win: https://bugs.webkit.org/show_bug.cgi?id=27323
Only add Cygwin to the path when it isn't already there. This avoids
causing problems for people who purposefully have non-Cygwin versions of
executables like svn in front of the Cygwin ones in their paths.

Reviewed by Steve Falkenburg.

WebKit.vcproj/Interfaces.vcproj:

WebKit.vcproj/InterfacesGenerated.vcproj:

WebKit.vcproj/WebKit.vcproj:

WebKit.vcproj/WebKitGUID.vcproj:

WebKitTools: https://bugs.webkit.org/show_bug.cgi?id=27323
Only add Cygwin to the path when it isn't already there. This avoids
causing problems for people who purposefully have non-Cygwin versions of
executables like svn in front of the Cygwin ones in their paths.

Also, tightened up behavior of XMLHttpRequest with cross-origin redirects and access control. We have not implemented redirects
for access control, so we should never redirect across origins. But in two edge cases, we were:

A particular version of the MediaWiki software detects WebKit through
user agent sniffing and imports a style sheet called KHTMLFixes.css,
which contains a single rule that was meant to work around some KHTML
bug, but currently has the sole effect of causing the float containing
the main article content to extend all the way to the left and thus push
down the left navigation pane.

css/CSSImportRule.cpp:

(WebCore::CSSImportRule::setCSSStyleSheet): If site specific hacks are
enabled, check if the imported style sheet is the MediaWiki
KHTMLFixes.css. If so, remove the offending rule.

Allow image decoders to down-sample the image directly
to scaled output buffer. This can be enabled/disabled by
macro ENABLE(IMAGE_DECODER_DOWN_SAMPLING).
Only JPEG and PNG decoders are modified to support it now.
https://bugs.webkit.org/show_bug.cgi?id=28308

(WebCore::AccessibilityRenderObject::accessibilityParentForImageMap):
Get at usemap attribute directly.

editing/DeleteButtonController.cpp:

(WebCore::DeleteButtonController::createDeletionUI):
Get at id attribute directly.

editing/EditorCommand.cpp:

(WebCore::executeInsertHorizontalRule): Ditto.

html/HTMLDocument.cpp:

(WebCore::HTMLDocument::dir): Get at dir attribute of body directly.
(WebCore::HTMLDocument::setDir): Ditto.

html/HTMLElement.cpp: Deleted unused functions.

html/HTMLElement.h: Ditto.

html/HTMLImageElement.cpp: Deleted unused functions.

(WebCore::HTMLImageElement::alt): Changed to return const AtomicString&.
(WebCore::HTMLImageElement::addSubresourceAttributeURLs): Changed to
get at usemap attribute directly, but added a FIXME because although
it is what the old code did, it looks to not be entirely correct.

html/HTMLImageElement.h: Deleted unused functions.

rendering/HitTestResult.cpp:

(WebCore::HitTestResult::altDisplayString): Get at alt attribute directly.

(WebCore::HTMLFrameElement::HTMLFrameElement): Initialize m_noResize.
(WebCore::HTMLFrameElement::parseMappedAttribute): Set m_noResize to true
here if noresizeAttr is changed. This code was moved here from
HTMLFrameElementBase, but I added some FIXME comments.
(WebCore::HTMLFrameElement::setNoResize): Set the attribute based on
boolean argument. Moved here from HTMLFrameElementBase.

(WebCore::HTMLViewSourceDocument::HTMLViewSourceDocument): Don't initialize
pointers any more since RefPtr starts 0 by default.
(WebCore::HTMLViewSourceDocument::createContainingTable): Use more specific
types for local variables.
(WebCore::HTMLViewSourceDocument::addSpanWithClassName): Return a PassRefPtr,
and use a RefPtr of a more specific type for a local variable.
(WebCore::HTMLViewSourceDocument::addLine): Use more specific types for local
variables, and use RefPtr as well.
(WebCore::HTMLViewSourceDocument::addLink): Return a PassRefPtr, and use a
RefPtr of a more specific type for a local variable.

around names used inside {}. Added new createWithNew property for tags
that makes the factory use a create function instead of calling new.
Renamed functions with initialize in their name to have default in their
name, since they return an array full of default values and don't themselves
initialize anything.

After selecting an option element with an 'onpick' event associated with a 'go' task,
the navigation is executed. When going back in history, the same 'onpick' event is fired
again. Fix that problem, add wml/option-element-onpick-recursion.html covering the bug.

WebView/WebTextCompletionController.mm: Added using std::max
and using std::min statements.
(-[WebTextCompletionController _placePopupWindow:]): Changed
type of maxWidth variable from float to CGFloat to prevent a
type mismatch on x86_64. Changed MAX() to max() and MIN() to
min(). Added static_cast for a constant value since CGFloat is
defined as a float on i386 and as a double on x86_64.

Change the order of freeParenthesesDisjunctionContext and
popParenthesesDisjunctionContext on all call sites as the pop
method is accessing backTrack->lastContext which is the context
that is about to be freed.
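
The ordering problem in this entry, as an added example on a simplified model (not WebKit's regex interpreter code): `Context`, `BackTrack`, `Pool`, `push`, `pop` and `topIdAfterDiscard` are hypothetical, and the pool overwrites a released slot rather than returning it to the allocator, so the read through the freed context produces a fixed, checkable value.

```cpp
#include <cstddef>
#include <cstdio>

struct Context {
    Context* next;
    int id;
};

struct BackTrack {
    Context* lastContext;
    unsigned matchAmount;
};

// Where every released context's `next` points afterwards; id -1 marks it.
static Context freedMarker = { nullptr, -1 };

// Fixed pool whose release() overwrites the slot instead of handing memory
// back, so reading a released context is observable rather than undefined.
struct Pool {
    Context slots[4];
    std::size_t used = 0;
    Context* allocate(int id, Context* next) {
        Context* c = &slots[used++];
        c->next = next;
        c->id = id;
        return c;
    }
    void release(Context* c) { c->next = &freedMarker; c->id = -1; }
};

static void push(Pool& pool, BackTrack& bt, int id) {
    bt.lastContext = pool.allocate(id, bt.lastContext);
    ++bt.matchAmount;
}

// Like the pop method in the entry above, this dereferences lastContext.
static void pop(BackTrack& bt) {
    bt.lastContext = bt.lastContext->next;
    --bt.matchAmount;
}

// Pushes contexts 1 and 2, discards the top one, and returns the id that
// lastContext then refers to: 1 if the list is intact, -1 if the link was
// read from a context that had already been released.
int topIdAfterDiscard(bool popBeforeFree) {
    Pool pool;
    BackTrack bt = { nullptr, 0 };
    push(pool, bt, 1);
    push(pool, bt, 2);
    Context* doomed = bt.lastContext;
    if (popBeforeFree) {
        pop(bt);               // reads doomed->next while it is still valid
        pool.release(doomed);
    } else {
        pool.release(doomed);
        pop(bt);               // reads doomed->next after release
    }
    return bt.lastContext->id;
}

int main() {
    std::printf("pop then free: top id %d\n", topIdAfterDiscard(true));
    std::printf("free then pop: top id %d\n", topIdAfterDiscard(false));
    return 0;
}
```

With a real allocator the second ordering reads freed heap memory, which is why tools such as AddressSanitizer report it as a use-after-free instead of returning a marker value.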

Replaced logFocusEvents() with setLogFocusEvents(), which takes a
boolean argument to turn logging of focus events on or off.
Added a function to reset the AccessibilityController to a consistent
state.

(AccessibilityController::~AccessibilityController):
Turn off focus event logging when the controller is destroyed.
(AccessibilityController::setLogFocusEvents):
If the caller passes false, unhook the focus event, and clear
m_focusEventHook.